FluxCapacitor :@

Hello, if someone can help me too on PM please… I’m stuck and I don’t know what to do… Thank you.

@kali2020 said:

@1337 said:
Estihex : Do a research about ( for example ‘*’ etc )

I do not get it, what do you mean by research about? Fuzzing with the () or * or what? I am terribly stuck on this, please PM if you have a clue…

+1

Done!

I think the information in this thread is enough to solve the challenge. However it took me quite a bit of trial and error before I understood what 1337 actually meant with his comment.

Friends say in this HTB I increase my hacking knowledge, anyone tell me how?

My advice for this one would be to use something like wfuzz and fuzz the area that looks suspect. This one is unfortunately a lot of trial and error and there’s not much of a way around that without spoiling.

Did you know the author of the VM has a blog? It helped me a lot with getting RCE once I had found a vulnerable vector.

man glob

Any good study resources about WAF?

@m0nk3yy said:
Any good study resources about WAF?

It’s from the maker of flux…

2nd part

Thanks @Nelis1982, exactly what I was looking for :slight_smile:

If someone is willing to discuss my approach with me (not asking for hints, but for an exchange) I’d be happy to drop a PM. Want to know if I am on the right path. :slight_smile:

For the last 2 days I tried a lot of things, found something but can’t go any further. Can someone DM me to give some hint about the WAF evasion? I have read some of the creator’s posts on his blog.

I am indeed confused as well, have this thing doing a … thing, from curl, but not sure how this can be abused

Similar to erkana above, I have spent 4 days trying lots of things and read the creator’s post. I found the “area” but don’t know how to get a foothold to try the creator’s evasion techniques. Please can someone DM me with a hint?

Hey,
I found something valid on the server but am struggling with the correct execution of the attack. Can someone give a little hint on what to do after complete enumeration?
I try to not give anything away, so if anyone wants to chat, I am open for PMs as well.
Hopefully, someone can help me, struggling with this box for a week and it feels like trial and error since then.
Thanks :slight_smile:

Found an interesting param and lots of ideas about WAFs, now if I could just figure out how to trigger the actual vuln! xD

@d1am0ndz said:
Found an interesting param and lots of ideas about WAFs, now if I could just figure out how to trigger the actual vuln! xD

Any hint about finding the param?
There is a hidden area, but no space to place input.
Thanks in advance!